Russian being prosecuted for $170 million fraudulent credit-card purchases

Roman Seleznev, the son of a Russian lawmaker, was described as a mastermind behind an international hacking scheme that resulted in $170 million in fraudulent credit-card purchases.

In a federal jury trial that begins this week, prosecutors plan to present evidence that he stole credit card information by hacking into the records of Washington pizza restaurants and other U.S. businesses, and made money off it.

Steve Bussing, owner of Red Pepper Pizza in Duvall, northeast of Seattle, told The Associated Press he and his wife spent $10,000 installing a new computer system after they learned theirs was compromised by a hacker.

"It was a huge expense" for a small business, he said. The process disrupted their business as they shut down and reinstalled a new security system to protect their customers.

Defense lawyers say Seleznyov was arrested in the Maldives by U.S. Secret Service agents, who mishandled his laptop and may have compromised evidence. Seleznyov was flown to Guam for an initial court appearance, and then to Seattle.

His father, Valery Seleznev, is a member of the State Duma, Russia's lower parliament house.

Russia alleged that Seleznyov was kidnapped by U.S. authorities.

Three Romanians Caught Stealing Lakhs From Kerala ATM

Three Romanian nationals are suspected to have stolen lakhs in an ATM robbery that has shocked the state of Kerala. Police said that the stolen money could amount up to Rs.4.5 lakh, and have decided to seek Interpol’s help.

A team of top police officers and cyber and technical experts visited the ATM of a public sector bank at Althara junction at Vellayambalam, where a suspected electronic device was found to have been installed.

On CCTV footage from ATMs in Thiruvananthapuram, three foreigners were seen reaching up and apparently tampering with the smoke alarm. City Police Commissioner G Sparjan Kumar said that police are trying to ascertain the whereabouts of the three persons, whose pictures had been retrieved from the CCTV. "We examined the visuals of the CCTV and got the pictures of three foreigners.

"We suspect that they had a hand in the ATM robbery," he said. "We have already intensified our investigation to trace their whereabouts and establish their identity. We are also probing whether more persons were involved in the crime," he added.

It is suspected that the electronic device at the ATM counter enabled the fraudsters to collect the secret pin code and card details.

Meanwhile, one of the suspects, Romanian Gabriel Marian, was arrested in Mumbai. He has revealed that the robbery was both high-tech and incredibly simple, involving at least two other Romanians, Bogdean Florian and Christan Victor. Kerala wants to ask Interpol to help catch the other two.

Sage data hacked affecting 280 UK businesses


UK software company Sage's data has been breached, compromising personal information for employees at 280 UK businesses.

The investigating agencies are probing the "unauthorised access" to data, which was most probably carried out by someone using an "internal" company computer login.

The information was accessed many times over the past few weeks.

It is not clear whether hackers were able to steal data from the FTSE-listed firm, or merely viewed it.

The company, which provides business software for accounting and payroll services to firms across 23 countries, says it is "taking the breach extremely seriously".

A Sage spokesperson said: "We are investigating unauthorised access to customer information using an internal login.

"We cannot comment further whilst we work with the authorities to investigate - but our customers remain our first priority and we are speaking directly with those affected."

The Information Commissioner's Office (ICO), responsible for the enforcement of the Data Protection Act 1998, has also been informed.

Sage has notified all its business partners who might have been affected by this hack and has advised them to look out for any unusual activity.

Sage was founded in 1981 and now has more than 13,000 employees around the world.

Pakistani hacker defaced Canara Bank website

A Pakistani hacker calling himself "Faisal" hacked the website of the leading nationalised bank, Canara Bank, on August 2.

He defaced the site by inserting a malicious page and tried to block some of its e-payment services.

The Reserve Bank of India wrote a confidential letter advising bank chairmen to review funds lying in their foreign accounts, and to carry out hourly reconciliation of payment emails by comparing outward messages with SWIFT confirmations.

"We have filed an FIR with the cyber crime department of the police. The bank immediately took note of the attack and isolated the server and diverted the traffic to a standby server," a senior Canara bank official told ET.

According to officials, the hacker failed to access any type of data. "There was no loss... As of now we are seeing 20,000 online payment transactions," said the official.

After defacing the website the hacker left a message which read, "Government of India website stamped by Faisal 1337. We are a team of Pak Cyber Attackers. Go Home Kiddo. Need Security? Contact me: www.facebook.com/Pakistan1337. Pakistan Zindabad."

Malware hidden for 5 years discovered


Two leading security firms, Kaspersky Lab and Symantec, have discovered a sophisticated piece of malware, which Kaspersky calls ProjectSauron and Symantec calls Remsec, that went undetected for five years at a string of organizations.
The malware, active since 2011, is so advanced in its design and execution that it could probably have been developed only with the active support of a nation-state. It is being used to target dozens of high-value targets around the world.
State-sponsored groups have been responsible for malware like the Stuxnet- or National Security Agency-linked Flame, Duqu, and Regin.
Project Sauron resides only in computer memory and was written in Binary Large Objects form. It can disguise itself as benign files and does not operate in predictable ways, making it harder to detect.
Researchers said it allows the attacker to spy on infected computers.
The California-based Symantec has labeled the group behind the attack Strider, while Moscow-based Kaspersky Labs dubbed it ProjectSauron.
The software is designed in such a way that the clues left behind are unique to each of its targets. That means that clues collected from one infection don't help researchers uncover new infections. Unlike many malware operations that reuse servers, domain names, or IP addresses for command and control channels, the people behind ProjectSauron chose a different one for almost every target. Project Sauron is made up of at least 50 modules that can be mixed and matched to suit the objectives of each individual infection.
The team behind the project has been collecting data illegally since at least October 2011. It had been fooling even the most sophisticated detection systems until last year when Kaspersky in September detected the malware on an unspecified government organization network.
The researchers discovered that at least 30 organisations were attacked by the malware. The group has maintained a low profile until now and its targets have been mainly organizations and individuals that would be of interest to a nation state’s intelligence services like government, scientific, military, telecoms and financial organisations. It is highly selective in its choice of targets. The group’s targets include a number of organizations and individuals located in Russia, Iran, Rwanda , China, Sweden and Belgium.
The malware is special for its ability to collect data from computers considered so sensitive by their operators that they have no Internet connection. To do this, the malware uses specially prepared USB storage drives that have a virtual file system that isn't viewable by the Windows operating system. To infected computers, the removable drives appear to be approved devices, but behind the scenes are several hundred megabytes reserved for storing data that is kept on the air-gapped machines. The arrangement works even against computers in which data-loss prevention software blocks the use of unknown USB drives.
Kaspersky Lab compared the threat of the malware to Flame and Duqu, which famously helped Stuxnet disable Iranian nuclear centrifuges, leading to a shutdown of a uranium enrichment facility in Natanz in 2010.

Over the last few years, the number of APT-related incidents described in the media has grown significantly.

Privacy rights organization sends notice to UK government

Privacy rights organization Privacy International and five global internet and communications services providers have lodged a formal complaint at the European Court of Human Rights against the UK government's use of bulk hacking targeting foreigners.

The five global providers are Chaos Computer Club (Germany), GreenNet (UK), Jinbonet (Korea), May First (US) and RiseUp (US).

Earlier this year, Privacy International filed a separate judicial review at the UK High Court. The Investigatory Powers Tribunal (IPT) previously got the government to admit that it engages in hacking, and now they want to know the extent of that hacking.

"The IPT's decision permits the British government to hack untold numbers of computers, devices or networks abroad without any proper legal framework, oversight or safeguards," said Scarlet Kim, legal officer at Privacy International.

"Hacking is extremely intrusive, allowing the hacker to, for example, switch on the webcam of a computer or the mic of a phone without the owner having any idea.

"Allowing the British government to hack therefore sanctions an extraordinary expansion of state surveillance capabilities, with alarming consequences for the privacy and security of many people around the world.

"The European Court of Human Rights has a strong track record of ensuring that intelligence agencies act in compliance with human rights law. We call on the Court to hold GCHQ accountable for its unlawful bulk hacking practices."

The European Court of Human Rights will hopefully settle this issue, and might clarify the vague but broad regulatory environment the UK government has in mind.

"The court case has shown that the secret services interpreted a vague law completely arbitrarily, evading the need for specific warrants and providing no protection for journalists, activists or the general public," added Cedric Knight, technical consultant at GreenNet.

"We are now even more convinced of the need for judicial pre-authorisation and for these sections of the Intelligence Services Act to be clarified. It is regrettable that the failure of the IPT to address the lack of technological or legal limitations on assumed powers has made this challenge necessary."

Australian census website hacked

A series of hacking attacks took place on the Australian Bureau of Statistics (ABS) website on Tuesday (July 09) night which prevented thousands of citizens from participating in the census. The attacks started to hit the website from 7:30 pm.
The minister responsible for the Census has denied any hacking on the site, though ABS believes the attacks were a deliberate attempt to sabotage the national survey. ABS's David Kalisch said on Wednesday (July 10) morning that the census website had been attacked four times and was shut down as a precaution after the fourth attack. At a news conference on Wednesday, the small business minister, Michael McCormack, blamed the failure on a ‘confluence of events’ but said the system had not been breached and no data was lost.
The actor behind the attack has not been identified yet, and the ABS is still working to prepare the online system to be put back online.
“We apologise for the inconvenience. The 2016 online Census form was subject to four Denial of Service attacks of varying nature & severity,” tweeted Australia census.
“The first three caused minor disruption but more than 2 million Census forms were successfully submitted and safely stored,” read another tweet on Tuesday.
Australian Privacy Commissioner Timothy Pilgrim said he would launch an investigation into the ABS cyber attacks.
The census website was unavailable again this morning.
At least two-thirds of the country’s population will fill in the online form for the first time rather than on paper.

ABS gave assurances that the website would return to operation soon to allow people to complete their census forms, which have to be filled in by September 23. ABS has said people will not be fined for not completing the forms on census night.

Self-Driving Tesla Turns Lifesaver, Drives Owner To Hospital

Joshua Neally considers himself very lucky to have got himself a self-driving car. Joshua was driving his Tesla Model X in Missouri when he suffered extreme piercing pain in his stomach and chest. Rather than calling an ambulance, the 37-year-old leveraged the Tesla Autopilot system to drive to the nearest hospital.

The Tesla car then arrived at the hospital emergency area, after which Neally took control and manually steered the car into the car park before checking himself in. The driver was diagnosed with a pulmonary embolism, an obstruction of a blood vessel in the lungs, and doctors said he was lucky to have survived it.

Tesla's Autopilot is a driver assistance feature which helps drivers cross lanes safely, adjust speed based on other vehicles close by and scan parking spaces for better parking. Tesla says that "Autopilot is getting better all the time, but it is not perfect and still requires the driver to remain alert."

The use of the technology is being investigated by the US road safety watchdog, the National Highway Traffic Safety Administration, after a Tesla driver in Florida was killed when his self-driving car crashed into a semi truck. Neally knows about the incident, but said he was happy to use the autopilot function that saved his life.

"If something like that happens where I become unconscious or incapacitated while I'm driving, I'm not going to cross over the interstate and slam into somebody or slam into one of the big rock walls," the lawyer said. "It's not going to be perfect, there's no technology that's perfect, but I think the measure is that it's better and safer."

900 million Android phones under security risk

Security flaws that attackers could use to gain complete access to a phone's data have been found in software used in Android devices.

The bugs were found by Checkpoint researchers when they were looking at software running on chipsets made by US firm Qualcomm.

According to the company, Qualcomm processors are found in about 900 million Android phones. However, there are no reports of the vulnerabilities being used by hackers.

"I'm pretty sure you will see these vulnerabilities being used in the next three to four months," said Michael Shaulov, head of mobility product management at Checkpoint.
"It's always a race as to who finds the bug first, whether it's the good guys or the bad."

The affected devices include the BlackBerry Priv, Blackphone 1 and Blackphone 2, Google Nexus 5X, Nexus 6 and Nexus 6P, HTC One, HTC M9 and HTC 10, LG G4, LG G5, and LG V10, New Moto X by Motorola, OnePlus One, OnePlus 2 and OnePlus 3, US versions of the Samsung Galaxy S7 and Samsung S7 Edge, and Sony Xperia Z Ultra.

The flaws were found in software that handles graphics and in code that controls communication between different processes running on a phone.

Qualcomm created a patch for the bugs, started using the fixed versions in its factories, and distributed the patch to phone makers and operators.

Checkpoint has also created a free app called QuadRooter Scanner that can be used to check if a phone is vulnerable to any of the bugs.

"People should call whoever sold them their phone, their operator or the manufacturer, and beg them for the patches," said Mr. Shaulov.

Bitfinex to reduce customer balance by 36% to share loss


People who stored bitcoins at a popular Hong Kong-based exchange, Bitfinex, have been told they will lose 36% of their assets following a cyber-attack.
Late last week Bitfinex was hacked and 119,756 bitcoins were stolen, causing a loss of up to $65m. The loss caused a price drop of about 30%, and the price still hasn’t fully recovered to pre-hack levels.
The impact of the loss will now be shared across the site's users.
Since the exchange used a service to individually segregate each customer’s funds in unique wallets, only some customers’ funds were drained, while others retained their full balances. The question then became whether Bitfinex would limit losses to only users whose wallets were compromised, or distribute them equally amongst all users.
Bitfinex announced it would pull a page right out of Europe's bank resolution mechanism, saying that all of its users will lose 36% of their deposits after it concluded its review of the massive hack, in what is set to be the first ever "bitcoin bail-in."
"We have decided to generalise losses across all accounts. Upon logging into the platform, customers will see that they have experienced a generalised loss percentage of 36.067%," read a statement on its website.
Bitfinex will issue new tokens called BFX equal to each customer’s exact losses, which will cover the missing 36 percent. These tokens can later be redeemed or exchanged for shares in its parent company, iFinex Inc. Following the announcement, bitcoin climbed to $599 in early trading on August 07. The virtual currency had dropped 12% to $577.23 in the week through August 05, its largest weekly decline since June; however, it has now recovered from the sharp drop that had seen its price tumble as low as $470 on August 2.
“In place of the loss in each wallet, we are crediting a token labeled BFX to record each customer’s discrete losses,” the exchange wrote in a blog post on August 06.
The token will also soon trade on Bitfinex’s platform, so the community can set its own price that values the chances that the exchange will actually follow through and repay holders of BFX.
The company said they are also looking into raising capital from investors to pay back customers, but those discussions are still “at an early stage”.
Following the hack, Bitfinex closed down trading, withdrawals, and deposits and said it was cooperating with law enforcement and would update the public after its investigation. In the latest blog post, it said it will reopen with limited functionality in the next day or two. Bitfinex was the largest exchange for U.S. dollar-denominated transactions over the past month.
The decision is a disappointment for customers who held currency other than Bitcoin (like USD or ETH) with a prospect of safety.
The company justified their decision by saying that this type of shared loss is similar to what would happen if the company had to go through bankruptcy liquidation.
Following the news that Bitfinex had suffered a substantial loss of bitcoins, the price of the cryptocurrency fell by more than 20% - though it has since rebounded slightly.
The main reason for the surge in bitcoin has been the explosion of Chinese users of the virtual currency, who have rushed into bitcoin as one of the few remaining options to bypass Chinese capital controls on monetary outflows. As such the Bitfinex hack, impacting numerous Chinese participants, has not come as much of a surprise, said Zero Hedge.
In May 2015, 1,500 bitcoins were stolen in a previous attack on the exchange.
It is not the first exchange to have suffered.
Many users lost large caches of Bitcoin after they disappeared from the Mt Gox exchange, which then declared bankruptcy in 2014.

Garda Computer Systems Hacked In Zero-Day Cyber Attack

Hackers launched an attack on the Garda Siochana (Irish Police) computer systems last week that forced the shutdown of a number of internal systems in an attempt to prevent sensitive data from being compromised.

Gardai have identified the breach as a "zero-day" malware threat, a software vulnerability that can be used to affect and exploit computer programs, data, and networks. It is, however, not known if an Irish or international hacker or a group of hackers is behind the incident.

Heightened security protocols were then enforced across the ICT system "to limit any effect on our systems", a spokesperson said. “Working with security experts the threat was identified and an appropriate solution was implemented across all Garda Siochana ICT systems. An Garda Siochana are continuing our investigation into the incident”, he added.

Gardai have said that no data was compromised during the security threat, and that the Pulse system and the garda website were not affected either.

The gardai's IT systems have been criticised in recent times by the Garda Inspectorate, with the independent body saying systems were decades out of date. A 2015 report stressed the need for major upgrades within the garda IT system.